Navigation

This module contains some helper classes that help one to add session
support to a python WSGI application. For full client-side session
storage see securecookie which implements a
secure, client-side session storage.

The current session will then appear in the WSGI environment as
werkzeug.session. However it’s recommended to not use the middleware
but the stores directly in the application. However for very simple
scripts a middleware for sessions could be sufficient.

This module does not implement methods or ways to check if a session is
expired. That should be done by a cronjob and storage specific. For
example to prune unused filesystem sessions one could check the modified
time of the files. If sessions are stored in the database the new()
method should add an expiration timestamp for the session.

For better flexibility it’s recommended to not use the middleware but the
store and session object directly in the application dispatching:

A simple middleware that puts the session object of a store provided
into the WSGI environ. It automatically sets cookies and restores
sessions.

However a middleware is not the preferred solution because it won’t be as
fast as sessions managed by the application itself and will put a key into
the WSGI environment only relevant for the application which is against
the concept of WSGI.

The cookie parameters are the same as for the dump_cookie()
function just prefixed with cookie_. Additionally max_age is
called cookie_age and not cookie_max_age because of backwards
compatibility.